Gartner Blog Network


Observations from Symantec’s Vision Conference

by Neil MacDonald  |  April 14, 2010  |  2 Comments

I spent the first part of this week at Symantec’s  Vision Conference in Las Vegas. There is a lot going on across the various enterprise assets that Symantec owns – security, storage, and management. I focused primarily on the security sessions and announcements.

On the positive side of what I heard:

  • Symantec has taken the first step in a unified architecture for its disparate product offerings with the Symantec Protection Center — a common portal providing single sign-on to its disparate products that are proxied through it. Although it’s clear the products underneath come from different groups with a different look and feel, it’s a good veneer at this point, with tighter integration on the roadmap
  • On the messaging and marketing side, Symantec talked quite a bit about the integration and convergence of IT operations and security with longer term roadmaps for better integration and sharing of information across its management and security assets. For now, the veneer provided by SPC above is the first step.
  • Symantec unveiled its Data Insight offering as an add-on to its DLP offering. Finally, an offering that takes advantage of Symantec’s file system expertise (from the acquisition of Veritas) with its security expertise in the form of DLP. Data Insight is targeted to help solve one of the biggest issues with DLP projects – identifying data owners via observed usage patterns.
  • Symantec had several cool proof of concept demonstrations of its workspace virtualization technology delivering a composite desktop using multiple layers created by separation of applications from the OS and the separation of user preferences from the OS and applications.

A few of the areas that still need improvement that I observed:

  • Although Symantec is finally starting to talk about virtualization and security, it hasn’t made much meaningful progress. For example, even the basic ability to randomize and stagger scans for their Symantec Endpoint Protection antimalware client running on VDI servers is just now being added with its imminent SEP RU6. Its major competitors are ahead.
  • Noticeably absent is a solid application control/whitelisting capability. Point solutions from Bit9, CoreTrace, Lumension and others are filling a real gap in protection that many of the AV vendors haven’t addressed. Further, McAfee’s acquisition of Solidcore and integration into EPO has put the heat on Symantec to deliver.
  • Symantec did nothing to close its encryption gap. Sophos, Check Point and McAfee made their moves long ago. Symantec still needs its own technology that would span its security, messaging and storage offerings.

Overall, Symantec needed to show its customers why using the various acquisitions it has made over the years made sense and why using multiple products from Symantec work “better together”. After Enrique Salem’s first year, customers are finally starting to see this in shipping products.

Finally, the best quote I heard during the sessions came in a case study from a security professional from Continental Airlines discussing his company’s journey with the adoption of IT GRC and DLP technologies — “We were tool rich, but carpenter poor”.

Category: beyond-anti-virus  endpoint-protection-platform  virtualization-security  

Tags: beyond-anti-virus  endpoint-protection-platform  information-security  virtualization-security  whitelisting  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio


Thoughts on Observations from Symantec’s Vision Conference


  1. Dear Neil,

    Thank you for the assessment. I find this especially intriguing:

    Noticeably absent is a solid application control/whitelisting capability. Point solutions from Bit9, CoreTrace, Lumension and others are filling a real gap in protection that many of the AV vendors haven’t addressed. Further, McAfee’s acquisition of Solidcore and integration into EPO has put the heat on Symantec to deliver.

    Could you please share your perception of the shear size of the application whitelisting / control market and if it is growing?

    I read with interest your “Application Control Market Update” of 2008. Do you plan to update this update?

    Thank you.
    Dmitry

  2. Neil MacDonald says:

    Dmitry,

    We don’t break out application contol/whitelisting as a separate market as we believe that over the next 3 years this capability will become a standard part of the endpoint protection platform offerings.

    The need is growing. The number of calls I take on this topic has more than doubled since the beginning of the year (Operation Aurora signficantly raised the awareness of the need for application control)

    http://blogs.gartner.com/neil_macdonald/2010/01/21/another-lesson-from-the-ie-zero-day-attacks-on-google-the-power-of-whitelisting/

    Yes, I will be updating the application control market update note. In fact, for clients Mike Silver and I just published this toolkit to help clients choose between the multitude of vendors in the market:

    http://www.gartner.com/resId=1355923



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.